PHP Code Audit 1-Audit environment and debug function

Audit environment and debugging function

Audit environment

Test environment

Common integration Environment: Phpstudy, Wampserver

#不同的操作系统下, the results of the vulnerability test may also be different

PHP Authoring Tools

Editplu

notepad++

Code Auditing Tools

Seay

Code Audit Platform

DVWA (Note: Under Windows, you need to change the password in the configuration file to empty)

Zvuldrill (Note: You need to re-import the database file)

Vulnerability verification AIDS

Burp Suite

Browser extensions (Hack Bar, Firebug, Modify)

Regular Debugging Tools

SQL Execution Monitoring Tool

Common debugging functions

echo () output function, commonly used to output variable values, or you are not sure which branch the program executes to use the same as print ()

Print_r () is used to output arrays and object data, typically when looking at the return value of an interface, or certain variables that are not quite deterministic. If you want to capture the output of Print_r () , you can use the return parameter

Var_dump () print variable-related content, including data types

Var_export () The string representation of the output or return variable, which can be directly assigned using the #注: It outputs null for a variable of the resource type

Debug_zval_dump output is similar to Var_dump, you can record how many times a variable has been referenced "an important feature of the copy on write mechanism of PHP"

Exit () Quit function to terminate page run

The difference between a single quote and a double quotation mark

Double quotes parse variables and special characters (so you need to escape when you're expressing text)

Single quotation mark does not parse variable, all characters in it are just text

PHP Code Audit 1-Audit environment and debug function